Cost-damage analysis of attack trees

Milan Lopuhaä-Zwakenberg*, Mariëlle Stoelinga

*Corresponding author for this work

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

18 Downloads (Pure)

Abstract

Attack trees (ATs) are a widely deployed modelling technique to categorize potential attacks on a system. An attacker of such a system aims at doing as much damage as possible, but might be limited by a cost budget. The maximum possible damage for a given cost budget is an important security metric of a system. In this paper, we find the maximum damage given a cost budget by modelling this problem with ATs, both in deterministic and probabilistic settings. We show that the general problem is NP-complete, and provide heuristics to solve it. For general ATs these are based on integer linear programming. However when the AT is tree-structured, then one can instead use a faster bottom-up approach. We also extend these methods to other problems related to the cost-damage tradeoff, such as the cost-damage Pareto front.
Original languageEnglish
Title of host publication2023 53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks (DSN)
PublisherIEEE
Pages545-558
Number of pages14
ISBN (Print)979-8-3503-4793-7
DOIs
Publication statusPublished - 2023
Event53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023 - Porto, Portugal
Duration: 27 Jun 202330 Jun 2023
Conference number: 53

Conference

Conference53rd Annual IEEE/IFIP International Conference on Dependable Systems and Networks, DSN 2023
Abbreviated titleDSN 2023
Country/TerritoryPortugal
CityPorto
Period27/06/2330/06/23

Fingerprint

Dive into the research topics of 'Cost-damage analysis of attack trees'. Together they form a unique fingerprint.

Cite this